Tag | LDAP Posts

As many of you may already know, I'm working at a global gaming and entertainment company, responsible for designing and implementing the next-generation platform, which will run on the cloud, and also for designing the cloud platform itself. Currently one of the goals is to replace the Active Directory-integrated security and identity solution with a certificate-based solution in our product. In short, we need to work with Active Directory Certificate Services to request and issue the certificates ...
© 2011 by Dov Trietsch. All rights reserved. Finding a person in the forest, or limiting the AD result in SharePoint People Picker. There are times when we need to limit the SharePoint audience of certain farms or servers or site collections to a particular audience. One of my experiences involved limiting access to US citizens, another to a particular location. Now, most of us – your humble servant included – are not Active Directory experts – but we must be able to handle the “audience restrictions” ...
Initial troubleshooting. As always, one of the first things to check is the event viewer to see if an event was generated detailing the error. Additionally, check %windir%\debug for adamsetup.log and adamuninstall.log (the latter is only created during the uninstall process). These two logs will tell you where the setup is failing and what should be checked. It also pays to know that setup errors are written to the registry. If you cannot find the following key, there was no failure as the ...
LDAP is not Active Directory, though Active Directory is LDAP. As someone who drinks the Microsoft Kool-Aid, I found myself using LDAP for something other than Active Directory and I thought I should share what I have found. The problem domain was to connect a new MVC application to an existing Sun One LDAP store. First off, authenticating an MVC application using forms-mode authentication and the Membership providers is straightforward. Start with the ASP.NET MVC 2 Web Application template that ...
In a previous post, I wrote about how to get LDAP authentication working in Collabnet. By default, all LDAP users are put into the Users role on the server. For most purposes, this is just fine, and I don’t have a way to change this. The documentation gives hints that you can add them to other roles, but for now, I don’t have the need. However, adding permissions to different repositories is a different question. To add them, go to the repositories list, select Access Rules and then you can enter ...
We want to use both subversion usernames and passwords as well as Active Directory for our authentication on our Collabnet subversion server. This has proven to be more of a challenge than we thought, mostly because Collabnet’s documentation is weak in this area. To supplement that documentation, I add my own. The first thing to understand is that the attribute that you specify in the LDAP Login Attribute ONLY applies to lookups done for the user. It does NOT apply to the LDAP Bind DN field. Second, ...
I've installed SharePoint 2010 and created my first site collection. When I try to specify a Target Audience for the Announcements web part on the home page via Web Part Properties, there is no "Target Audience" option. When I googled, I found articles that specify how to set a Target Audience for a list. But that's not what I need. This article will explain how to get Target Audience for a web part in SharePoint 2010 sites. How to specify Target Audience for a web part in SharePoint 2010? Well, it's obvious that free versions ...
Most of the time, I get questions from new friends who work in other technologies: "Is SharePoint for Content Management/Website Creation?". Well, it's common because SharePoint is the successor of Microsoft Content Management Server (CMS), which was dedicated to Web Content Management. SharePoint Portal 2001 predominantly focused on Content Management features, whereas the later releases came with more features. It's very easy to create a Collaboration portal with SharePoint in minutes where it requires ...
Form-Based Authentication (FBA) is great when exposing SharePoint on the internet or extranet: users don't have to know the domain they are authenticating to, you can manage the authentication using LDAP or a SQL database, amongst other cool stuff. But during the configuration process you end up disabling Integrated Windows Authentication (IWA) because you want your users to be presented with an FBA page. Once you disable IWA you get the following notification: If Windows authentication is not ...
"Can I have 1,000s of MSMQ queues?" Yes, of course you can. "Is it a good idea to?" Maybe not. The queues themselves do not take up many resources: In memory - each ACTIVE queue is about 400 bytes (over half of which is kernel memory). On disk - each queue has a configuration file (in the \msmq\storage\lqs directory) and these are only 1-2kb each. So a thousand queues - all containing a single message, for argument's sake - are not going to be much of an overhead on an MSMQ machine. The problem may ...
When working with LDAP from ASP.NET for user management, it is essential to give the user the ability to change their password, so we will use a small piece of code that will help us do it: Private Sub ChangeUserADPassword(ByVal Username As String, ByVal Password As String, ByVal newPwd As String) Dim dcDNS As String = "whatever.com" Dim rootDN As String Dim rootDSE As DirectoryEntry Dim searchRoot As DirectoryEntry Dim userEntry As DirectoryEntry Dim searcher As DirectorySearcher ...
Worked on a CRM which had a need to limit the users that could be chosen to a specific OU. This should be simple enough with the CRM deployment config tool, following these instructions: http://support.microsoft.co... However, it did NOT work. The error I got was: Command failed with the following message: The parameter does not start with '-'. The command I used that gave me this error was Microsoft.Crm.DeploymentCon... userorgsettings update -organization:<ORG_NAME> -propertyname:UserRootPath ...
In my initial announcement I could only cover a small subset of what ApiChange can do for you. Let's look at how ApiChange can help you fix bugs due to wrong usage of an API in a fraction of the time it would normally take. It happens that software is tested and some bugs show up. One bug could be: we get way too many log messages during our test run. Now you have the task to find the most frequent messages and eliminate the Log calls from the source code. But what about the myriad other log ...
Here are a few one-liners that use NetCmdlets. Some of these I've blogged about before, some are new. Let me know if you have questions, which ones you find useful, or how you altered these to suit your own needs. Send email to a list of recipient addresses: import-csv users.csv | % { send-email -to $_.email -from lance@nsoftware.com -subject "Important Email" –message "Hello World!" -server 10.0.1.1 } Show the access control list for a specific Exchange folder: get-imap -server $mymailserver -cred ...
Recently, while making some changes for a client, I accidentally dug myself into a pretty deep hole. I was trying to explicitly deny a certain user from reading a few group policies, including the Default Domain Policy. When I went in to make the change I accidentally denied Authenticated Users rather than the AD user object. This of course made the GPO inaccessible to all users, including any with domain admin rights. The policy could no longer be modified in the GPMC and, worse, changes could not be made ...
This week, I had a pretty strange request. An organization wanted to host multiple Email domains in their Exchange environment while keeping it hidden from external mail users and outside parties. Same organization was ok, same AD and Exchange servers were not. The mail flow portion was pretty simple. Added a new accepted domain to Exchange 2007, to the spam filter appliance, configure LDAP for this new SMTP domain, and change the primary email address for certain users. I used an email policy that ...
When passwords are set to expire after a certain number of days in Active Directory, remote users suffer because they do not get a notification, like local users do, that their password is going to expire. Eventually it becomes too late for them to change their passwords and they get locked out. I found this out recently and did not believe that there was no built-in support for this. I started researching and indeed, there was no built-in support. The solution was to email the users, either ...
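The warning script the post above describes has to work out the expiry date itself, because AD stores no "expires on" attribute: it stores pwdLastSet on the user (a FILETIME, 100 ns ticks since 1601-01-01 UTC) and maxPwdAge on the domain (a negative tick count). The following is an added example, not the post author's script; the account data is constructed inline and the 14-day warning window, the 42-day domain policy and the user tuple layout are assumptions for the illustration.

```python
from datetime import datetime, timedelta, timezone

# Added example: derive AD password expiry from pwdLastSet and maxPwdAge so a
# job can e-mail remote users before the password lapses. All inputs below are
# constructed sample values, not read from a directory.

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ADS_UF_DONT_EXPIRE_PASSWD = 0x10000           # userAccountControl flag
NEVER_EXPIRES_SENTINEL = -0x8000000000000000  # maxPwdAge when the domain never expires passwords
TICKS_PER_DAY = 24 * 3600 * 10_000_000


def to_filetime(dt):
    """UTC datetime -> Windows FILETIME (100 ns ticks since 1601-01-01)."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def from_filetime(ticks):
    """Windows FILETIME -> UTC datetime (sub-microsecond part dropped)."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def password_expiry(pwd_last_set, max_pwd_age, user_account_control=0):
    """Return the expiry datetime, or None when the password never expires.

    maxPwdAge is negative in AD, so subtracting it adds the age to pwdLastSet.
    pwdLastSet == 0 means 'must change at next logon': treat as already expired.
    """
    if user_account_control & ADS_UF_DONT_EXPIRE_PASSWD:
        return None
    if max_pwd_age in (0, NEVER_EXPIRES_SENTINEL):
        return None
    if pwd_last_set == 0:
        return FILETIME_EPOCH
    return from_filetime(pwd_last_set - max_pwd_age)


def days_until_expiry(pwd_last_set, max_pwd_age, now, user_account_control=0):
    """Whole-or-fractional days left, negative if already expired, None if never."""
    expiry = password_expiry(pwd_last_set, max_pwd_age, user_account_control)
    if expiry is None:
        return None
    return (expiry - now) / timedelta(days=1)


def users_to_warn(users, max_pwd_age, now, warn_days=14):
    """users: iterable of (sAMAccountName, mail, pwdLastSet, userAccountControl).

    Returns the (name, mail, days_left) tuples that should receive a warning:
    anyone inside the window, including accounts that have already expired.
    """
    warn = []
    for name, mail, pwd_last_set, uac in users:
        days = days_until_expiry(pwd_last_set, max_pwd_age, now, uac)
        if days is not None and days <= warn_days:
            warn.append((name, mail, days))
    return warn


# Constructed sample domain (42-day policy) and accounts; assumption for the example.
SAMPLE_MAX_PWD_AGE = -42 * TICKS_PER_DAY
SAMPLE_NOW = datetime(2011, 2, 5, tzinfo=timezone.utc)
SAMPLE_USERS = [
    ("alice", "alice@example.com", to_filetime(datetime(2011, 1, 1, tzinfo=timezone.utc)), 0x200),
    ("bob", "bob@example.com", to_filetime(datetime(2011, 2, 1, tzinfo=timezone.utc)), 0x200),
    ("carol", "carol@example.com", to_filetime(datetime(2010, 1, 1, tzinfo=timezone.utc)), 0x200 | ADS_UF_DONT_EXPIRE_PASSWD),
    ("dave", "dave@example.com", 0, 0x200),
]


def sample_warnings():
    return users_to_warn(SAMPLE_USERS, SAMPLE_MAX_PWD_AGE, SAMPLE_NOW)


if __name__ == "__main__":
    for name, mail, days in sample_warnings():
        print(f"{name} <{mail}>: {days:.0f} day(s) left")
```

Run as a script it lists alice (7 days left) and dave (must change at next logon); bob is outside the window and carol's account is flagged as never expiring. Reading pwdLastSet, userAccountControl and the domain's maxPwdAge from the directory is left to whichever LDAP client the script uses.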
It's been quite a bit of a struggle for me to find an accurate way of finding the NetBIOS name of a domain from AD using System.DirectoryServices. In case you are in the same jam, here's how you do it. Connect to AD using the following LDAP URL: LDAP://CN=Partitions,CN=Con... When querying AD using the DirectorySearcher object, use the following filter: netbiosname=* This should give you a record from AD containing the NetBIOS name of the domain as the ...
We're removing WINS from our environment. Don't ask me why, I'm not a big fan of the idea... but they don't pay me to make decisions, they pay me to make things work. Things work fine without WINS, once you've joined the domain, DNS takes it all over and everything works. However, we have a utility that does most of those tasks needed to join a machine to the domain -- creates an INI file used to create the machine account, renames the machine to meet our standards, and does the join (among other ...
Recently I have been looking into some issues relating to mixed Novell and AD authentication at customer sites, and there does not seem to be too much information readily available, so I thought it might be useful if I post some of the details and links here as a helper to others? ;-) One of the most interesting points is that it would appear that Novell really hasn't done much to the Novell Client in quite a while, and even with the advent of Vista it has not so much revisited the classic ...
So my exchange server stopped working along with the web server and such, and system attendant started hanging in startup. I searched for the problem and really didn't find anything useful until I found a single forum response that solved the problem. Here's the error message I was seeing in the event viewer: Process MSEXCHANGEADTOPOLOGYSERVICE... (PID=3392). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified ...
Kevin posted an interesting comment to my last post about how to setup HTTP authentication on Windows Vista and that was that this sort of thing should be built into SSAS itself. While this is not a bad idea, I don't know if it would be high on the list of things that I would like to see added to SSAS. I don't have a written list as such, but here are few things off the top of my head that I would like to see in future versions. After I compiled this list I searched the connect site and added links ...
By default Office SharePoint Server 2007 imports all profiles from the Active Directory Database. This presents an issue for some companies (mine in particular ;)). After doing some searching I found an older article by Michael Bollhoefer. He tipped me off to the following LDAP filter which worked beautifully, and after running a full profile import and reindexing our SharePoint Search those old Inactive profiles were gone from the Database and the search. (&(objectCategory=perso... ...
Earlier this week, Microsoft rather quietly released its Windows Live Hotmail offering. Along with the release, a replacement for the Outlook Express and Windows Mail desktop clients was announced, as well as new software to integrate web mail with Outlook, called the Outlook Internet Mail Connector. Outlook Express and Windows Mail will be replaced with a new desktop product called Windows Live Mail in the coming weeks. The program will handle POP, IMAP, and Windows Live Hotmail accounts and is ...
In Scenario 1 I blogged how to get a certificate using the X509Store class, where I used something like this: X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser); But after spending a bit of time with the X509Store I realized it has limitations. The StoreLocation enum has only 2 options: CurrentUser: The X.509 certificate store used by the current user. LocalMachine: The X.509 certificate store assigned to the local machine. But I wanted to load a certificate from a remote LDAP server... ...
I found my more detailed notes on the package flags. A couple of corrections: The flag “524288” specifically tells whether an app is published or assigned – it’s set for assigned, unset for published. 8 is typically set for published apps and cleared for assigned. I promised code. private void SearchAD(string target, string policy, string policyname) { DirectoryEntry entry = null; try { entry = new DirectoryEntry(policy); } catch (COMException Ex) { toolStripStatusLabel1.Text = "Couldn't connect ...
Sorry about the delay. Last time I dug into the SYSVOL portion of app distribution via Group Policy. This time, the Active Directory side. I'm sure you already know that the net result of GP distribution is that if the user is in the appropriate group, the app appears in Add/Remove programs. The file on the Sysvol is important -- we've seen cases where for some reason the .AAS file disappeared; when it did, the app stopped appearing in Add/Remove Programs. The other half is, of course, in Active ...
My newest project at work, as a Web Systems Analyst, has been to evaluate, acquire, install and configure a web application for tracking issues or problems provided by Computer Services for 150 to 200 users. IssueTrak 7.0 by Global Support Software is a web app consisting of SQL Server, stored procs, Active Server Pages, CSS and scripting. When you acquire IssueTrak, you also need SQL Server 2005 with the management tool so you can manage the database, run scripts, and create and schedule jobs. I customized ...
To retrieve all information from Active Directory through the LDAP protocol, using objX509Cert = System.Security.Cryptograph... string filter = "mail=*"; xd = lcl.LDAPInfo(filter); public XmlDocument LDAPInfo(string filter) { XmlDocument xd = new XmlDocument(); string domainAndUsername = string.Empty; string userName = string.Empty; string passWord = string.Empty; string Sur = ""; string Cn = ""; string Name = ""; string GName = ""; string DGname = ""; string Member = ""; string Init = ...
In computer networking, the Lightweight Directory Access Protocol, or LDAP ("ell-dap"), is a networking protocol for querying and modifying directory services running over TCP/IP. An LDAP directory usually follows the X.500 model: it is a tree of entries, each of which consists of a set of named attributes with values. While some services use a more complicated "forest" model, the vast majority use a simple starting point for their database organization. An LDAP directory often reflects various political, ...
I'm just going through a proof of concept at a client's site for an AG+AAC Implementation and I was looking at bringing the AG up to 4.2.2 as I heard there were a few critical patches, and interestingly enough the link to 4.2.2 from CTX108902 ends up pointing at a 4.2.3 Download?? BTW - Don't forget to remove your existing Admin Tool and then download and install from fresh after upgrading the CAG!(But you knew that didn't you? ;-) The 4.2.2 lists these Known Issues and Issues Fixed: Known Issue(s) ...
.Net Directory Services Programming – C# - Part 3 Topics DirectorySearcher – the other critical class in the DirectoryServices namespace. Review Because a lot of your Directory Services (DS) development will involve querying DS for data, it makes sense that this is a powerful class offered in the namespace, and below are some of the features: DirectorySearcher – Performs the initial queries against AD SearchResult – A single object reference from a search performed by DirectorySearcher ...
This article explains how to add users to a PDL programmatically. In large organizations, most employees may belong to more than one project/work group. Each project/workgroup maintains a separate distribution list for communicating with its members. As the number of members in a workgroup increases, maintaining the PDL becomes an overhead. One way to handle it is to automate the process. In this process, the official email IDs of all members are entered in a text file. We will read from ...
For authorization we had the requirement that we had to be able to easily assign a specific user to a certain "role" and they would have all the privileges associated with that role. We had to be able to make users members of multiple roles. We also had to be able to configure what specific privileges belonged to each role. In addition, we had to be able to assign a specific user to a specific role, but then also give them access to one or more specific privileges in addition to those granted ...
I've been looking for and testing many different Content Management Systems and this one takes the cake. On top of offering top-notch workflow management and Active Directory and LDAP integration, it has a concept called "Smart Spaces". This allows the administrator to easily control security by creating rules on each space (folder) that allow, deny, or direct content to another location. I have a very large collection of electronic documentation, such as Word documents and PDF files. The Alfresco search ...
Here is a quick Vbscript that can be used to create roles in ADAM. I suppose you can also use Ldifde but, I get lazy formatting the .LDF file, etc. So here is what this script does: It calls the input file specified when executing the script. (e.g. cscript CreateADAMRoles.vbs ) It reads the input file, and begins the loop line by line until the end of the file. During each loop, it performs the following ADSI routines. Connects to LDAP defined within the Global Settings. (e.g. LDAP://localhost:389/cn=rol... ...

I've been running several searches against a GDS LDAP directory - and the Timeout and ServerTimeLimit properties of the DirectorySearcher class appear to have no effect.

After further testing I've discovered that the problem is caused because I was using sub-second timeout periods, e.g. 500 ms - and the LDAP server I'm accessing (GDS) only supports timeout periods of whole-number seconds.

HTH

Tim

You have got to go check out these documents just posted by Microsoft on their press release page. My favorite quote: "In short, the Statement of Objections claims Microsoft has failed to create Technical Documentation that the Commission did not read, and for which no competitor has sought a license, all to address a problem about which no customer has ever complained."
Courtesy of Doug Brown at DABCC.COM there is this news of what is effectively a hotfix for the CAG (Citrix Access Gateway). I can also confirm with Doug that this will simply update the device without blowing away your existing config, licences, etc. However, it is always good practice to plan for the unforeseen, so it's not a bad idea to save a copy of the config in a safe place before upgrading, don't you think? ;-)) If you are currently running Citrix Access Gateway version 4.2 you can upgrade to ...
News has just been posted on MSmobiles about an open source project called Funambol. Now MSmobiles has always been keen on setting the record straight with regard to MS's claims about Push email (MSFP, AKU2, etc.) just being around the corner, pointing out the ongoing court action by Visto, so it will be interesting to see what sort of reply Jason has regarding this and when we might actually start to see some releases by the carriers? What is quite exciting is that although this is listed ...
No rest for the wicked! My first week back has meant clocking up the miles, visiting vendors and attending meetings. One of the software vendors I went to visit was Sybase at their Maidenhead office, and particularly their mobility division. I would like to thank Ian Matthews and Tim Roberts for their hospitality. The day visit was a deep dive into the Afaria mobility management product. Afaria, if you have done your homework, is pretty much the market leader in the mobility management space ...
Custom Properties in AD , Open DirectorySearcher Queries and Large LDAP Queries QUESTION Mike, I am new to AD and LDAP but have programmed the last couple of years in C#. I have read your articles. I am trying to write a program that will go in and check three columns in a User OU for each of the objects in that OU. I need to check the sAMAccountName, EmployeeNumber and UIDNumber. I have to make sure that the EN and the UID are the same but they must be different than the sAMAccountName. I then must ...
This occurs when using ADSI (ActiveDs.dll) when retrieving a property value whose type (in the schema) is not the same as that specified in the method you use. In my case I was trying to access a property which was a DN (distinguished name); however, the method I was using to retrieve the value was defaulting to type ADSTYPEENUM.ADSTYPE_CASE_IG... This caused the following error: Exception Information****************... Type: System.Runtime.InteropServi... ...
.Net Directory Services Programming – C# - Part 2 Topics Covered Binding – How to connect to directory services and the flexibility of the bind process. Properties – Review of the most commonly used AD properties, and a look at a few others. Binding You will remember in Part 1 that we provided a very simple code example of binding to AD and retrieving the object reference for the user object CN=Mike Hamilton. Here I want to review a little more in detail the binding process. Binding ...
As you venture into this aspect of development, you will likely use one of two assemblies to provide you access to Active Directory (AD) or other directory service providers (DSPs). Microsoft's System.DirectoryServices is the most fundamental, providing core LDAP (Lightweight Directory Access Protocol) access to AD and its schema/components. The other is Microsoft's Active Directory Services Interface assembly (ADSI), the ActiveDs.DLL, which is not so well documented but provides a hoard of features ...
There is a new update available for the Citrix Access Gateway. Also be aware that the Admin Interface does change significantly from 4.0 to 4.1; it would appear on the surface of it that 4.1 was a bit "buggy", so it might be a better idea to try 4.1.2, although as usual, your mileage may vary ;-)) http://support.citrix.com/k... or http://support.citrix.com... Resolved in this Hotfix 1. Cached LDAP user group information was not ...
So far my testing has only substantiated the RFCs that define LDAP communications. Since the client first authenticates then subsequently makes its request operations, it would be impossible for Big-IP to identify the request without some theoretical LDAP proxy capability. An LDAP proxy would need to authenticate a user locally and then identify the nature of a request, upon which Big-IP would then authenticate against the actual LDAP servers themselves and subsequently forward on the client request ...
Bad news: the LDAP browser opens a connection to the server prior to sending commands. This nails up a TCP connection, and at this point all load-balancing decisions are over. Any intervention by Big-IP will break the IP session. If the Vignette servers work similarly, then a rule will not work. Also, as a side note, the LDAP browser reveals a potential security exploit, given that there is an apparent long-lived TCP connection. I must consult RFCs 1777 and 2251 ...
The issue is Vignette makes LDAP v.2 requests that are load balanced to a Master and Consumer, Sun Java System Directory Server 5.2. I must parse the transactions to identify “read“ and “write“ requests. Read requests may be sent to either servers, while the write requests must be sent only to the Master LDAP server. Read request redirected to Master or Consumer LDAP server: SearchRequest CompareRequest Write requests forwarded to Master LDAP server: ModifyRequest AddRequest ...
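The read/write split described in the three Big-IP posts above comes straight out of the wire format: every LDAPMessage is a BER SEQUENCE of a messageID and a protocolOp, and the protocolOp's APPLICATION-class tag number identifies the operation (searchRequest = 3, compareRequest = 14 on the read side; modifyRequest = 6, addRequest = 8, delRequest = 10, modDNRequest = 12 on the write side). The same format also explains Tim's GDS finding earlier on this page: the searchRequest's timeLimit field is an INTEGER number of seconds, so any sub-second value is truncated to 0 before it ever leaves the client. The following is an added example written for this page, not code from any of the posts or from F5, Vignette or Sun: a minimal BER encoder to build sample requests (DNs, attributes and password are made up) and a decoder that classifies each request so a proxy could route it.

```python
# Added example: classify raw LDAP request PDUs as read / write / session by
# decoding the outer BER SEQUENCE and the protocolOp tag. Sample messages are
# constructed below with a tiny encoder; nothing here talks to a real server.

READ_OPS = {3: "searchRequest", 14: "compareRequest"}           # safe for any replica
WRITE_OPS = {6: "modifyRequest", 8: "addRequest", 10: "delRequest", 12: "modDNRequest"}  # master only
SESSION_OPS = {0: "bindRequest", 2: "unbindRequest", 16: "abandonRequest", 23: "extendedReq"}


def _read_tlv(buf, pos):
    """Decode one BER tag-length-value at buf[pos]; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers never occur in LDAP")
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:                              # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:pos + length], pos + length


def classify_ldap_message(msg):
    """Return (messageID, op_name, kind) with kind in {'read', 'write', 'session'}."""
    tag, body, end = _read_tlv(msg, 0)
    if tag != 0x30 or end != len(msg):
        raise ValueError("not exactly one LDAPMessage SEQUENCE")
    tag, id_bytes, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    message_id = int.from_bytes(id_bytes, "big", signed=True)
    op_tag, _, _ = _read_tlv(body, pos)
    if op_tag & 0xC0 != 0x40:                     # class bits must be APPLICATION
        raise ValueError("protocolOp must be APPLICATION class")
    op = op_tag & 0x1F
    for kind, table in (("read", READ_OPS), ("write", WRITE_OPS), ("session", SESSION_OPS)):
        if op in table:
            return message_id, table[op], kind
    raise ValueError(f"unexpected protocolOp tag {op}")


def search_time_limit(msg):
    """Pull the timeLimit (whole seconds, 0 = unlimited) out of a searchRequest."""
    _, body, _ = _read_tlv(msg, 0)
    _, _, pos = _read_tlv(body, 0)                # skip messageID
    op_tag, op, _ = _read_tlv(body, pos)
    if op_tag != 0x63:
        raise ValueError("not a searchRequest")
    pos, fields = 0, []
    for _ in range(5):                            # baseObject, scope, derefAliases, sizeLimit, timeLimit
        _, content, pos = _read_tlv(op, pos)
        fields.append(content)
    return int.from_bytes(fields[4], "big", signed=True)


# --- minimal BER encoder, only what the sample requests need -----------------
def _tlv(tag, content):
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def _int(v, tag=0x02):                            # INTEGER, or ENUMERATED with tag 0x0A
    return _tlv(tag, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def _str(s, tag=0x04):                            # OCTET STRING / LDAPDN
    return _tlv(tag, s.encode())

def ldap_message(message_id, protocol_op):
    return _tlv(0x30, _int(message_id) + protocol_op)

def bind_request(dn, password):                   # [APPLICATION 0], simple auth [0]
    return _tlv(0x60, _int(3) + _str(dn) + _tlv(0x80, password.encode()))

def search_request(base, time_limit=0):           # [APPLICATION 3], filter (objectClass=*)
    seconds = int(time_limit)                     # protocol carries whole seconds only: 0.5 -> 0
    return _tlv(0x63, _str(base) + _int(2, 0x0A) + _int(0, 0x0A) + _int(0) + _int(seconds)
                + _tlv(0x01, b"\x00") + _str("objectClass", 0x87) + _tlv(0x30, b""))

def modify_request(dn, attr, value):              # [APPLICATION 6], one replace change
    change = _tlv(0x30, _int(2, 0x0A) + _tlv(0x30, _str(attr) + _tlv(0x31, _str(value))))
    return _tlv(0x66, _str(dn) + _tlv(0x30, change))

def del_request(dn):                              # [APPLICATION 10], primitive: just the DN
    return _tlv(0x4A, dn.encode())


def route_samples():
    """Classify four constructed requests as a proxy in front of master/consumer would."""
    samples = [
        ldap_message(1, bind_request("cn=admin,dc=example,dc=com", "hunter2")),
        ldap_message(2, search_request("dc=example,dc=com", time_limit=0.5)),
        ldap_message(3, modify_request("uid=alice,ou=people,dc=example,dc=com", "mail", "alice@example.com")),
        ldap_message(4, del_request("uid=bob,ou=people,dc=example,dc=com")),
    ]
    return [classify_ldap_message(m) for m in samples]


if __name__ == "__main__":
    for message_id, name, kind in route_samples():
        print(f"msgid={message_id} {name:<14} -> {kind}")
```

The bind request is classified as session-level, which is exactly the problem the posts above identify: the bind arrives first on a connection that is then reused for reads and writes, so a per-request routing decision is only possible for a proxy that terminates the client's LDAP session itself. The decoder rejects truncated or trailing bytes rather than guessing, which matters for anything sitting in the request path.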